DEV Community: Alexey The latest articles on DEV Community by Alexey (@anxi0uz). https://dev.to/anxi0uz https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3931418%2Fc542fda7-5e8e-4015-9f7c-16728c480054.jpg DEV Community: Alexey https://dev.to/anxi0uz en My friend wanted GitLab. He got Gitea and Nextcloud for Obsidian instead. Alexey Thu, 14 May 2026 14:22:41 +0000 https://dev.to/anxi0uz/my-friend-wanted-gitlab-he-got-gitea-and-nextcloud-for-obsidian-instead-500i https://dev.to/anxi0uz/my-friend-wanted-gitlab-he-got-gitea-and-nextcloud-for-obsidian-instead-500i <p>A friend sent me an article about GitHub potentially getting blocked in Russia and asked me to spin up GitLab. I suggested Gitea — I'd used it at a college hackathon, knew it was lightweight and wouldn't eat half the server. He agreed.</p> <p>While the deploy was running, I asked him how he syncs Obsidian. He said — plain WebDAV, nothing fancy. Well, server's already open anyway, so I threw in Nextcloud too. Hour and a half later I had both a git host and a cloud storage.</p> <h2> Why not GitLab </h2> <p>My friend originally wanted GitLab. I opened the docs, looked at the requirements — 4 GB RAM just to start — and said no. We don't have a dedicated git server, there's already a project running on it. GitLab would've eaten everything.</p> <p>Gitea idles at ~150 MB. Actions are compatible with GitHub Actions syntax, so existing workflows move over without rewriting. I'd already used it at a hackathon, knew it worked fine. Suggested it, got the green light.</p> <h2> On Helm </h2> <p>First time I touched Kubernetes was when I had to deploy a college project for a grade. Wrote manifests by hand — Deployment, Service, Ingress, PVC, repeat. I knew Helm existed but never had a reason to dig into it.</p> <p>Turns out it's like pacman, but for Kubernetes. One <code>values.yaml</code> instead of five hundred lines of YAML, one command — everything's up. Would've lost my mind doing it the old way.</p> <p>First though, Helm couldn't see the cluster at all:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Kubernetes cluster unreachable: Get "http://localhost:8080/version" </code></pre> </div> <p>k3s puts the kubeconfig somewhere Helm doesn't look by default. Fix:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">export </span><span class="nv">KUBECONFIG</span><span class="o">=</span>/etc/rancher/k3s/k3s.yaml <span class="nb">echo</span> <span class="s1">'export KUBECONFIG=/etc/rancher/k3s/k3s.yaml'</span> <span class="o">&gt;&gt;</span> ~/.bashrc </code></pre> </div> <h2> Gitea </h2> <p>The server already had ingress-nginx and cert-manager with a <code>letsencrypt-prod</code> ClusterIssuer. Set the DNS beforehand — A record <code>git.logiflowadvanced.online → 2.27.42.100</code>.</p> <p><code>gitea-values.yaml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">ingress</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">ingressClassName</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">host</span><span class="pi">:</span> <span class="s">git.logiflowadvanced.online</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">pathType</span><span class="pi">:</span> <span class="s">Prefix</span> <span class="na">tls</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">gitea-tls</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">git.logiflowadvanced.online</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">cert-manager.io/cluster-issuer</span><span class="pi">:</span> <span class="s">letsencrypt-prod</span> <span class="na">gitea</span><span class="pi">:</span> <span class="na">admin</span><span class="pi">:</span> <span class="na">username</span><span class="pi">:</span> <span class="s">admin</span> <span class="na">password</span><span class="pi">:</span> <span class="s">yourpassword</span> <span class="na">email</span><span class="pi">:</span> <span class="s">your@email.com</span> <span class="na">persistence</span><span class="pi">:</span> <span class="na">size</span><span class="pi">:</span> <span class="s">10Gi</span> <span class="na">postgresql-ha</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">postgresql</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm repo add gitea-charts https://dl.gitea.com/charts/ helm repo update helm <span class="nb">install </span>gitea gitea-charts/gitea <span class="se">\</span> <span class="nt">--namespace</span> gitea <span class="nt">--create-namespace</span> <span class="se">\</span> <span class="nt">-f</span> gitea-values.yaml </code></pre> </div> <p>Pods came up. Opened the browser — invalid certificate, browser complaining. Checked the Ingress:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">NAME CLASS HOSTS ADDRESS PORTS </span><span class="gp">gitea &lt;none&gt;</span><span class="w"> </span>git.logiflowadvanced.online 80, 443 </code></pre> </div> <p><code>CLASS: &lt;none&gt;</code> — the nginx controller just ignored this Ingress entirely. cert-manager didn't issue anything either, so nginx was serving its default self-signed cert.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl patch ingress gitea <span class="nt">-n</span> gitea <span class="se">\</span> <span class="nt">--type</span><span class="o">=</span>json <span class="se">\</span> <span class="nt">-p</span><span class="o">=</span><span class="s1">'[{"op":"add","path":"/spec/ingressClassName","value":"nginx"}]'</span> </code></pre> </div> <p>After the patch, cert-manager issued the certificate and the site opened fine.</p> <h3> SSH </h3> <p><code>gitea-ssh</code> is created as a headless ClusterIP by default — not reachable from outside. Port 22 is taken by the system SSH, so I needed a NodePort. You can't patch a headless service into NodePort — have to delete and recreate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl delete svc gitea-ssh <span class="nt">-n</span> gitea kubectl apply <span class="nt">-f</span> - <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> apiVersion: v1 kind: Service metadata: name: gitea-ssh namespace: gitea spec: type: NodePort selector: app.kubernetes.io/name: gitea ports: - port: 22 targetPort: 2222 nodePort: 30022 </span><span class="no">EOF </span></code></pre> </div> <p>Remote looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git remote add gitea ssh://git@git.logiflowadvanced.online:30022/username/repo.git </code></pre> </div> <h2> Nextcloud </h2> <p>Set up the DNS for <code>cloud.logiflowadvanced.online</code> while Gitea was still deploying.</p> <p><code>nextcloud-values.yaml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">ingress</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">ingressClassName</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">host</span><span class="pi">:</span> <span class="s">cloud.logiflowadvanced.online</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">pathType</span><span class="pi">:</span> <span class="s">Prefix</span> <span class="na">tls</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">nextcloud-tls</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">cloud.logiflowadvanced.online</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">cert-manager.io/cluster-issuer</span><span class="pi">:</span> <span class="s">letsencrypt-prod</span> <span class="na">nginx.ingress.kubernetes.io/proxy-body-size</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0"</span> <span class="na">nextcloud</span><span class="pi">:</span> <span class="na">host</span><span class="pi">:</span> <span class="s">cloud.logiflowadvanced.online</span> <span class="na">username</span><span class="pi">:</span> <span class="s">admin</span> <span class="na">password</span><span class="pi">:</span> <span class="s">yourpassword</span> <span class="na">mariadb</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">auth</span><span class="pi">:</span> <span class="na">password</span><span class="pi">:</span> <span class="s">yourdbpassword</span> <span class="na">database</span><span class="pi">:</span> <span class="s">nextcloud</span> <span class="na">username</span><span class="pi">:</span> <span class="s">nextcloud</span> <span class="na">postgresql</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">persistence</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">size</span><span class="pi">:</span> <span class="s">10Gi</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm <span class="nb">install </span>nextcloud nextcloud/nextcloud <span class="se">\</span> <span class="nt">--namespace</span> nextcloud <span class="nt">--create-namespace</span> <span class="se">\</span> <span class="nt">-f</span> nextcloud-values.yaml </code></pre> </div> <p>Same <code>ingressClassName</code> issue — same patch, same result.</p> <p>After the first login it kept redirecting to <code>/login/cleary?=1</code>. Nextcloud didn't know its own external address:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl <span class="nb">exec</span> <span class="nt">-n</span> nextcloud deploy/nextcloud <span class="nt">--</span> <span class="se">\</span> php occ config:system:set overwriteprotocol <span class="nt">--value</span><span class="o">=</span><span class="s2">"https"</span> kubectl <span class="nb">exec</span> <span class="nt">-n</span> nextcloud deploy/nextcloud <span class="nt">--</span> <span class="se">\</span> php occ config:system:set overwrite.cli.url <span class="se">\</span> <span class="nt">--value</span><span class="o">=</span><span class="s2">"https://cloud.logiflowadvanced.online"</span> </code></pre> </div> <h3> Obsidian </h3> <p>Created separate users for me and my friend. WebDAV URL per user:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://cloud.logiflowadvanced.online/remote.php/dav/files/username/ </code></pre> </div> <p>In the RemotelySave plugin: type — WebDAV, URL, login, password. Works.</p> <p>The thing that ate most of my time wasn't Gitea or Nextcloud — it was <code>ingressClassName</code>. Neither chart sets it automatically, and without it nginx just ignores the Ingress completely. cert-manager doesn't issue anything. Browser shows self-signed, you stare at the logs, pods are all Running, no errors anywhere.</p> <p>Run <code>kubectl get ingress -n &lt;namespace&gt;</code> right after deploy. If CLASS says <code>&lt;none&gt;</code> — that's your problem.</p> <p>The other non-obvious one: <code>gitea-ssh</code> is headless and you can't patch it into a NodePort — you have to delete and recreate it. Spent a few minutes trying to patch it before actually reading the error.</p> <p>With Nextcloud and MariaDB — if MariaDB didn't come up on the first deploy or you uninstalled and reinstalled, helm will complain about credential mismatch on upgrade. Just <code>helm uninstall</code> + <code>kubectl delete pvc --all -n nextcloud</code> and start fresh, it's faster than untangling the creds.</p> kubernetes devops git selfhosted